Tres Seaver wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Martin Aspeli wrote: > >> I've not done this yet: >> >>> 3) Change the Permission class in AccessControl so that it tries to >>> look up an IPermission utility and use the title of that utility as the >>> permission name, falling back on the current behaviour of using the >>> passed permission name directly. >> I'd like to solicit a bit more input before attempting this, as I got at >> least one -1. >> >> I think this is the bigger win, though, and I'd still like to do it >> unless performance becomes prohibitive or it turns out to be too >> invasive a change. > > - -1: I think both of those will be true. I also don't see much win. > > The major goal should be to unify the API for add-ons, rather than the > implementation: your #1 and #2 alaready did that, I think.
I had a deeper look last night, and I think this would be more invasive than I'd feared. I thought originally the Permission class was used everywhere, but on further inspection, I see that manually constructed '_Permission' strings are used in a lot of places, including C code. It frightens me slightly that, having pdb'd my way through AccessControl a number of times, I still have only a fuzzy idea about how the permissions system works, and I haven't found any solid documentation with the code. I think to unify the API, we'd need to: - Promote the zope.security checkPermission method like Hanno suggested - Change rolemap.xml in GenericSetup to accept Zope 2 names - Look at other places where permission names are passed around in code (there are a few places in Plone, for instance) and make sure we always prefer the Zope 3 dotted name. Martin -- Author of `Professional Plone Development`, a book for developers who want to work with Plone. See http://martinaspeli.net/plone-book _______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )